Revision as of 13:25, 28 February 2017

OWASP SAMM v1.5 available in the downloads section! (Announcement Coming)

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

Evaluate an organization’s existing software security practices

Build a balanced software security assurance program in well-defined iterations

Demonstrate concrete improvements to a security assurance program

Define and measure security-related activities throughout an organization

The foundation of the model is built upon the core business functions of software development, with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, and estimate personnel and other costs.

The monthly call is on the 2nd Wednesday of each month at 21h30 CEST / 3:30pm EST.
Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661
The call is open to everybody who is interested in SAMM or wants to work on SAMM.

"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers." Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company

During the AppSec conferences, the SAMM project team organises workshops where you can influence the direction in which SAMM evolves.

This is also an excellent opportunity to exchange experiences with your peers.

If you plan on attending http://appsec.eu, be sure to get involved in the SAMM workshop (scheduled on Jun-23).

The agenda for the SAMM Workshop in Cambridge on 23-Jun-2014 is available here.

Previous workshop notes:

The notes for the SAMM Workshop in New York on 21-Nov-2013 are available here.

The notes for the SAMM Workshop in Hamburg on 21-Aug-2013 are available here.

Pravir Chandra - first presentation discussing the next generation to the CLASP Project - a complete working of the details into a Software Assurance Maturity Model (SAMM). (download presentation) - 2009

Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour; download the presentation.
Hubert Grégoire and Sebastien Gioria created a French translation of the OpenSAMM 1.0 Overview presentation, available for download here.

You can use Crowdin to help improve these translations or add new ones right now!